Lax oversight at national labs led to purchase cards abuse, GAO says

Purchase card programs at four government-owned, contractor-operated nuclear laboratories were abused in the last three years because the labs' internal control systems allowed for improper purchases, including a $1,559 reclining leather chair for a worker with back problems that could have been purchased for $599.

Two National Nuclear Security Administration labs and two Energy Department contractor labs are cited in separate reports by the Government Accountability Office in response to the FBI's 2002 investigation into two Los Alamos National Laboratory workers accused of misusing lab-issued purchase cards, as well as other allegations of theft and misuse of government funds.

GAO auditors discovered that weaknesses in the purchase card programs led to $326,396 in "improper, wasteful and questionable purchases" at Lawrence Berkeley National Laboratory in Berkeley, Calif., $97,348 at Lawrence Livermore National Laboratory in Livermore, Calif., $104,250 at Pacific Northwest National Laboratory in Richland, Wash. and $479,645 at Sandia National Laboratories in Albuquerque, N.M. While these amounts are from samples and are relatively small in the labs' multimillion-dollar purchase card budgets, the watchdog agency said "it demonstrates vulnerabilities from weak controls that could be exploited to a greater extent."

At Lawrence Berkley, which is run by the University of California, GAO cited wasteful expenses that included $985 for three Bose noise-canceling headsets and $403 for a Sharper Image air purifier. At the Lawrence Livermore lab, also run by the University of California, a cardholder purchased the $1,559 reclining chair and there were $28,220 in purchases that did not have receipts or invoices. At the Sandia lab, run by the Lockheed Martin Corp., abuse included four $228 laser pointers that can be purchased for as little as $90. The Pacific Northwest lab, operated by the Battelle Memorial Institute, recently implemented a number of policy changes, according to the report, but fraud, waste and abuse was still possible because the people responsible for monitoring purchase card policy compliance and authorizing spending limits were cardholders.

The reports (GAO-04-986, GAO-04-987, GAO-04-988 and GAO-04-989), resulted from investigations conducted between Oct. 1, 2001, and March 31, 2003. They found that the labs' internal controls for purchase cards did not ensure that only proper purchases are made and that inappropriate purchases are not always exposed. The reports also found that purchases do not always comply with lab policies and that the labs do not always properly record and track assets purchased with the cards.

Doreen Eng, an assistant director in GAO's Financial Management and Assurance division, said that while purchase cards are meant for simplicity, good internal systems of control are needed to make sure abuse does not occur. She said many of the labs were already taking action to better oversee purchases, but feedback in the reports from some of the labs suggested that they opposed GAO's recommendations because of cost restrictions. "For us, the more internal control weaknesses they had, the more at risk we considered them to be," Eng said.

The reports note weaknesses in the supervisory review process, where managers responsible for signing off on purchase card receipts will have cards themselves and that transactions often lack documentation like receipts or invoices. At each lab, numerous split purchases or multiple purchases of the same item, allowed cardholders to circumvent purchase limits. The GAO reports identified 116 split purchases totaling $641,917 in their sampling and data mining.

The GAO reports' recommendations for reducing the labs' vulnerability to improper, wasteful and questionable purchases in the card programs include:

Canceling accounts for cardholders who have oversight functions in the card program.

Allowing property management staff to review purchases to make sure that they are accounted for.

GAO auditors also recommended that the secretary of energy or the administrator of NNSA have the labs' contracting officer review wasteful and questionable items identified in the reports to decide whether they should be repaid for the purchase card acquisitions.

By using this service you agree not to post material that is obscene, harassing, defamatory, or
otherwise objectionable. Although GovExec.com does not monitor comments posted to this site (and
has no obligation to), it reserves the right to delete, edit, or move any material that it deems
to be in violation of this rule.

Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.